Vulnerabilities > Ivanti > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-39336 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. | 8.8 |
| 2023-12-19 | CVE-2023-46262 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | 7.5 |
| 2023-12-19 | CVE-2023-46803 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 7.5 |
| 2023-12-19 | CVE-2023-46804 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 7.5 |
| 2023-12-16 | CVE-2023-39340 | Unspecified vulnerability in Ivanti Connect Secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | 7.5 |
| 2023-12-14 | CVE-2023-41719 | Unspecified vulnerability in Ivanti Connect Secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. | 7.2 |
| 2023-12-14 | CVE-2023-41720 | Unspecified vulnerability in Ivanti Connect Secure A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. | 7.8 |
| 2023-11-15 | CVE-2023-35080 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | 7.8 |
| 2023-11-15 | CVE-2023-38043 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | 7.8 |
| 2023-11-15 | CVE-2023-38543 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | 7.8 |